Tracing Transactions Across Cryptocurrency Ledgers€¦ · •ShapeShift (Aug ‘14), Changelly...
Transcript of Tracing Transactions Across Cryptocurrency Ledgers€¦ · •ShapeShift (Aug ‘14), Changelly...
Tracing Transactions Across Cryptocurrency LedgersHaaroon Yousaf, George Kappos and Sarah Meiklejohn
University College London
Bitcoin and anonymity
Bitcoin and anonymity
“…privacy can still be maintained by breaking the flow of information … keeping public keys anonymous”
“ if the owner of a key is revealed, linking could reveal other
transactions that belonged to the same owner”
Anonymity defeated
On-chain tracking
USENIX Security 2018 Privacy Enhancing Technologies 2018
Cross-currency tracking?
Cross-currency trading• ShapeShift (Aug ‘14), Changelly (‘13)
• Cross-currency trading service (lightweight exchange)
• Allow users to interchange multiple coins/tokens
• ShapeShift supporting 32 coins (Aug ‘19)
• Changelly supporting 107 coins (Aug ‘19)
Why cross trade?
• Non-custodial (Does not require coins in an account)
• Easy to use
• Potential extra anonymity?
• Single rate charge
How to perform a shift?
1
How to perform a shift?
1
2
User’s destination address
How to perform a shift?
1
2
3
What is cross-chain?
?
Coin A
Coin B?
User
Shifting Service
? Unknown
What is cross-chain?
?
??
Aim to find the link“shift”
?
User
Shifting Service
Unknown
Coin A
Coin B
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
How?
0: curIn: “BTC”curOut: ”BCH”amount: 0.51566669timestamp: 1525650476.615
1. Scraped public API for recent transactions
https://shapeshift.io/recenttx
How?
0: curIn: “BTC”curOut: ”BCH”amount: 0.51566669timestamp: 1525650476.615
Currency user sent, Input
Currency user wants, Output
Input currency user sent
1. Scraped public API for recent transactions
How?
0: curIn: “BTC”curOut: ”BCH”amount: 0.51566669timestamp: 1525650476.615
2. Search and find this input transaction
+/- blocks
Exact value
How?
UserShapeShift
2. Search and find this input transaction
How?3. Confirm this is correct via official API + find the output transaction
https://shapeshift.io/txstat/<address>
status: "complete"address: "35EgH9XDA2xHhYmuVVrU8FYvwZdetEjSHs"withdraw: "13JwaysXv433bqAWdkHiPEFKRHKzYXrtgh"incomingCoin: 0.51566669incomingType: "BTC"outgoingCoin: "2.7965838"outgoingType: "BCH"Transaction: "e33779961628f9868cad28c0331a9ccb78f76c90240fc14be1b69075377d82b0"transactionURL: "https://explorer.bitcoin.com/bch/tx/e33779961628f9868cad28c0331a9ccb78f76c90240fc14be1b69075377d82b0"
ShapeShift address
Output transaction
How?
outgoingCoin: "2.7965838"outgoingType: "BCH"Transaction: "e33779961628f9868cad28c0331a9ccb78f76c90240fc14be1b69075377d82b0"transactionURL: "https://explorer.bitcoin.com/bch/tx/e33779961628f9868cad28c0331a9ccb78f76c90240fc14be1b69075377d82b0"
ShapeShift
Output transactionRecipient
3. Confirm this is correct via official API + find the output transaction
How summary
1. Scrape public API for transactions
2. Search and find the input transaction
3. Confirm this is correct via the API and obtain output transaction
Linked cross-chain
?
Coin A
Coin B
User
Shifting Service
? Unknown
Found the link“shift”
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
Results
• Scraped ShapeShift public API ~13 months
• 2.8 million shifts total
• Parsed blockchain data from full nodes
• Top 8 currencies - 2.3 million shifts
Cross-chain activity• Traced 1.3M transactions cross-chain
• Corresponding input and output transactions
76.86
23.14
Worst Case (Bitcoin)
Traced Not traced
90.54
9.46
Best Case (Zcash)
Traced Not traced
U-turn• Two shifts, close proximity in time and value
• Use the same coin or address between shift
• Follows movement of user coins
2nd
shift1st
shift
≈95576
10566
1120
Basic (value & time)
Same Address
Same coins
95576
105661120
2nd
shift1st
shift
≈
Round-trip• Two shifts, close proximity in time and value
• 1st shift value similar to 2nd shift or return to the same input address
• Advantage over U-turn: identity of initiator is known
85057
10490
Regular
Sameaddress
85057 10490
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
Case study: Starscape Capital Scam• Investment firm promised 50% return in cryptocurrency arbitrage fund
• Raised 2000 ETH in January 2018 (2.2M USD)
• Disappeared
• 192 transactions (total) – 109 shifted to Monero (465 ETH)
• 2x Monero addresses that received shifted coins
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
Case study: Anonymity coins• Zcash: Shielded pool, privacy feature that hides values + address
• Dash: Coinjoin, privacy feature that mixes transactions with other users
• Significant total volume from both of these coins however…
Zcash Shielded pool 3,808 transactions
774,380 USD
Pool funds sent to ShapeShift
2,068 transactions
1.2M USD
Coinjoin funds sent to ShapeShift
DashCoinjoin
Case study: Anonymity coins
• …we find usage that does not provide anonymity
• Dash U-turns
• Same coins - 5.6%
• Same address - 64.6%
• Zcash U-turns
• Same coins - 28.7%
• Same address - 54.2%
Our contributions
• Blockchain analysis of transactions moving cross-chain
• Created heuristics analysing user behaviours
• Defined a common relationship heuristic identifying major entities (in
paper)
• Investigated real world scams which made use of cross-chain transactions
(more in paper)
• Analysed how users make use of privacy-coin features
Authors are supported by the EU H2020 TITANIUM project under grant agreement number 740558.
THANK YOUQUESTIONS?